Why does including plaintext versions of emails increase bot activity?

Key findings

• Observed Anomaly: An A/B test indicated that including a plaintext version of an email correlated with an increase in bot clicks, specifically within the plaintext links.
• Corporate Filters: The primary suspect for this activity is corporate malware and security filters. These systems actively scan and interact with emails, often in ways that mimic human behavior, to identify potential threats.
• Link Processing: Security filters will follow links if they are deemed dubious by their heuristics. The presence of links in both HTML and plaintext versions effectively doubles the potential surface area for these automated scans.
• Data Complexity: Understanding this bot activity requires deep analysis of mailstream-specific data, including which links are followed in which messages sent to specific Mail Exchange (MX) records.

Key considerations

• Prioritize Deliverability: While bot activity can skew metrics, providing a plaintext version is crucial for improving email deliverability and ensuring your emails are accessible to all users and systems.
• Analyze Link Behavior: If experiencing significant bot clicks, particularly from plaintext, investigate whether the clicks originate only from the plaintext version or both. This can provide clues about the type of security scanning.
• Identify MX Records: Determine the Mail Exchange (MX) records for recipient domains to identify which security appliances (firewalls, anti-spam gateways) might be responsible for the bot activity. This allows for targeted troubleshooting, as suggested in email click bot analysis.
• Refine Metrics: Account for bot activity when analyzing email campaign performance. Realize that not all clicks represent human engagement. Techniques to avoid false email click and open data from anti-spam bots are essential for accurate reporting.

Key opinions

• Metric Distortion: Marketers are concerned that bot clicks, especially if originating solely from the plaintext version, distort engagement metrics like click-through rates, making it difficult to assess true subscriber interest.
• Best Practice Conflict: The challenge arises because including a plaintext version is a recognized best practice for accessibility and deliverability, yet it seemingly leads to undesirable bot interactions.
• Audience Impact: For audiences primarily using corporate Outlook environments, the issue is particularly salient due to the aggressive nature of enterprise-level email security systems.

Key considerations

• A/B Testing Insights: Conducting A/B tests can help identify if and how plaintext versions influence bot activity, providing empirical data for specific email programs.
• Understanding Bot Behavior: It's important to understand what bot activity in email marketing is to correctly interpret analytics and avoid misattributing engagement.
• Mitigating False Clicks: Marketers need strategies to identify and filter out bot clicks to ensure that their reported open and click rates accurately reflect human interaction and the true performance of their campaigns. This involves actively working to combat spam filter and bot clicks on emails.

Key opinions

• Malware Filter Behavior: Experts suggest that corporate malware filters are programmed to follow links that appear dubious based on their internal heuristics, and this scanning occurs irrespective of HTML or plaintext presentation.
• Increased Link Surface: If links exist in both plaintext and HTML versions, it effectively doubles the number of links available for automated systems to scan, potentially increasing recorded 'clicks' from these systems.
• Deep Data Dive: To truly understand the source of these bot clicks, experts recommend a detailed analysis of data, specifically looking at which links are clicked in which messages and the specific Mail Exchange (MX) records involved, to pinpoint the responsible appliances.
• Simplicity Factor: Some security systems might even prioritize scanning the plaintext version due to its simpler, more direct presentation of links, making it easier for automated tools to parse.

Key considerations

• Analyze MX Records: Perform MX record lookups for recipient domains. This can help identify specific mail filters or security appliances that might be causing the bot activity. While potentially a deep dive, it's necessary if the issue is business impacting.
• Understand Filter Heuristics: Recognize that corporate email filters employ complex heuristics. Their interaction with email content, including hidden or plaintext links, is an inherent part of their protective function, rather than an error. This is especially true for hidden links in emails.
• Data Segmentation: Segment your email data by recipient domain or MX to isolate patterns of bot behavior. This can help pinpoint specific problematic filters and allow for more targeted mitigation strategies, similar to how one might analyze Google Postmaster Tools data.

Key findings

• MIME Standard: RFCs define how email clients should handle multipart/alternative emails (e.g., HTML and plaintext), typically favoring the 'richest' format. However, security scanners process all parts for threat detection.
• Security Layering: Enterprise email security platforms (like Microsoft Defender for Office 365 or Google Workspace Security) employ multi-layered protections, including URL detonation and safe links features, which scan all links regardless of where they appear in the email.
• Comprehensive Scanning: Best practices for email security, often outlined by organizations like the Center for Internet Security (CIS) and NIST, recommend comprehensive scanning of both inbound and outbound email traffic for malicious content, which naturally extends to plaintext links.

Key considerations

• Security by Design: Recognize that email security systems are designed to be thorough. Their processing of plaintext links is a security feature, not a bug, aimed at protecting users from phishing and malware. This applies broadly to how email filters manage and modify or break links.
• Compliance Requirements: While increased bot activity is a concern, continuing to include plaintext versions aligns with accessibility and compliance standards, which are often non-negotiable for senders.
• Transparency in Reporting: When using email analytics tools, it is vital to understand their methodology for tracking clicks and whether they offer ways to differentiate human clicks from automated security scans. This ensures more accurate deliverability reporting.